Your data, your control.

1.Who is responsible for your data

The data controller for Boopfy is AtaForge Inc., a Delaware C-Corporation. For any privacy question, or to exercise your rights, contact [email protected].

This policy covers personal data we process when you use the Boopfy website, dashboard and APIs.

2.What data we collect

Account data: your name, email, phone, country, language, password (stored only as a hash) and login one-time codes. Company data: the legal and trading details of the companies you manage, including registration and tax-identification numbers.

Financial data: the bookkeeping entries, invoices, documents and bank-feed transactions you create or connect. Usage and security data: IP address, approximate location, device, browser and the actions you take in the app, kept for security and audit. Payment data: handled by our processor Stripe — we do not store full card numbers.

3.How and why we use your data (legal bases)

To provide the Service — keep your books, prepare and submit returns and show your deadlines (performance of our contract with you). To bill your subscription (contract). To meet our own legal and accounting obligations (legal obligation).

To keep accounts secure, prevent fraud and improve reliability (our legitimate interests). Where we rely on consent — for example optional communications — you can withdraw it at any time.

4.Bank and financial information

When you connect a bank feed, we receive read-only transaction data through a regulated bank-data provider; we never receive your online-banking password and cannot move money. Sensitive identifiers (such as tax-identification numbers) are encrypted with bank-grade field-level encryption.

5.When we share data

We share data with tax authorities only to file the returns you ask us to submit. We use trusted sub-processors to run the Service — including our payment processor (Stripe), our bank-data provider, cloud hosting and storage, and email delivery — each under contracts that protect your data.

We never sell your personal data. We may disclose data if required by law or to protect our rights, users or the public.

6.Where your data is stored

We store customer data in the European Union with strict per-account isolation. Where data is transferred to a country without an adequacy decision, we use appropriate safeguards such as Standard Contractual Clauses.

7.How we protect your data

Data is encrypted in transit and at rest (AES-256), with additional field-level encryption on the most sensitive identifiers. Every login requires a one-time email code, access is isolated per account, uploaded files are virus-scanned, and security-relevant actions are logged.

8.How long we keep it

We keep your data while your account is active and for as long as needed to provide the Service. Accounting and tax records are retained for the periods required by applicable law. When retention is no longer required, we delete or anonymise the data.

9.Your rights

Subject to local law, you can access, correct, export, restrict or object to the processing of your personal data, and ask us to delete it. You can also withdraw consent where processing relies on it.

Exercise these rights from dashboard → settings → privacy, or email [email protected] — we respond within 30 days. You also have the right to complain to your local data-protection authority.

10.Cookies

We use only essential cookies needed to sign you in and keep your session secure. We do not use advertising or cross-site tracking cookies.

11.Children

Boopfy is a business tool and is not intended for anyone under 18. We do not knowingly collect data from children.

12.Changes and contact

We may update this policy and will give reasonable notice of material changes. For any privacy question or request, contact [email protected].